If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Document integrity still at the mercy of human error

Too many organizations are relying on IT departments to protect company information, particularly sensitive data that is shared electronically and must meet compliance regulations.
Issues surrounding document integrity have come to the fore in recent months with one high-profile case involving the Victorian Police.

The database breach led to Victoria Premier Steve Bracks declaring he was "sick and tired" of security breaches involving classified files.

IFocus consultant James Kaminski said organizations need to make their employees "information literate" by creating a culture of best practice for the entire life cycle of company information.

"Most employees are expected to create, use and manage information and make informed decisions," he said. "But a common mistake is for business units to rely on IT departments instead of building information literacy throughout the whole organization."

Kaminski said that successfully managing information requires a focus on two very different areas: technical tools and human behavior. He said there is too much reliance on the technical side when it comes to storing and managing structured data.

"Business rules and procedures provide governance for managing information, but it is the people's ability to understand and interpret those rules that often fails," he said.

However, software provider Workshare believes technology is the solution, because most document integrity policies are flawed as the onus is on people to make manual checks rather than using software to do it for them.

Workshare's Asia-Pacific general manager, Andrew Pearson, said information integrity is too important to be at the mercy of human error.

Last week, Workshare launched part one of a global campaign, entitled Five Steps to Document Integrity, to combat a phenomenon known as the "Inside-Out" threat.

This is the opposite of malicious external threats such as hacking or computer virus attacks, which most companies' security strategies are set up to combat.

Pearson said the inside-out threat is still not taken seriously in Australia.

"The inside-out threat is still not understood or taken seriously; many companies believe they have effective data governance policies and document integrity solutions. Frankly, many don't."

\"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts\".....SpafEverytime I learn a new thing, I discover how ignorant I am.- ... Black Cluster

I'd have to agree with Kaminski. Putting any technology solution in place should always keep the following three in mind: "People, processes, tools".

Too often, organisations look at the tool bit only. How often have you seen a new software solution being implemented around broken processes? Too often for me.

Some organisations do take the time to review their processes during the implementation process. This allows them to review whether their processes work, and/or, whether the process can be implemented as is.

Very few organisations consider the human aspects. Human nature tends to resist change if it's not explained or if it doesn't see the immediate benefit for them.

Overall, there is very little interest in the three aspects at the same time. And believe me, I'm in the middle of it right now, trying to implement a new software solution where we spent a lot of the last few months concentrating on the tool aspect, but not on process and people.

Yes, minimising human error is good, but training and good governance processes can help you reduce the margin of error that remains in any technical solution.

Just my two bits ...

Cheers,

BrainStop

"To estimate the time it takes to do a task, estimate the time you think it should take, multiply by two, and change the unit of measure to the next highest unit. Thus we allocate two days for a one-hour task." -- Westheimer's Rule

I think the process of keeping organization's data {which is on of the most important assets of the business}, should be integrated into all business departments.

Firstly, all employees are to be familiar with the overall security policy, this means telling them how they should deal with data in hand ....

It is always known that human factor is always the weakest, we can patch a bug in applications, but can we patch someon's mind? {training might do, but what if it did not work, many compnies train their staff but errors still occur)

cheers

\"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts\".....SpafEverytime I learn a new thing, I discover how ignorant I am.- ... Black Cluster